Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-27715
An issue exists in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows malicious users to bypass the authentication and execute arbitrary code via crafted HTTP request.
Mofinetwork Mofi4500-4gxelte-v2 Firmware 3.5.6-xnet-5052
445
VMScore
CVE-2015-7761
Mail in Apple OS X prior to 10.11 does not properly recognize user preferences, which allows malicious users to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
Apple Mac Os X
905
VMScore
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and previous versions uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Zohocorp Manageengine Opmanager 11.5
1 EDB exploit
1 Github repository
578
VMScore
CVE-2015-7769
baserCMS 3.0.2 up to and including 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
Basercms Basercms 3.0.7
Basercms Basercms 3.0.6
Basercms Basercms 3.0.2
Basercms Basercms 3.0.8
Basercms Basercms 3.0.6.1
Basercms Basercms 3.0.5.1
383
VMScore
CVE-2015-7771
Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework prior to 1.13.0 for Android and iOS allows remote malicious users to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican application, a differe...
Newphoria Corporation Applican
668
VMScore
CVE-2021-27730
Accellion FTA 9_12_432 and previous versions is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
Accellion Fta
383
VMScore
CVE-2015-7772
Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework prior to 1.13.0 for Android and iOS allows remote malicious users to inject arbitrary web script or HTML via a crafted URL that triggers WebView anchor attachment in an applican app...
Newphoria Corporation Applican
383
VMScore
CVE-2021-27731
Accellion FTA 9_12_432 and previous versions is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
Accellion Fta
312
VMScore
CVE-2021-27733
In JetBrains YouTrack prior to 2020.6.6441, stored XSS was possible via an issue attachment.
578
VMScore
CVE-2015-7773
Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby prior to 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension.
Bastian Allgeier Kirby
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »